Untitled :: MTG Documentation

For the latest version, please use Key Management System 3.12.0!

Release 3.9.1

Date: 2025-11-14

MTG KMS-UI
- Fixed an issue with the parameters passed from some pages to others.
- Fixed creation of Kms Client and Tenant User from Create… dropdown menu in the KMS Tenant UI
- Fixed arrow icon for KEKs in the sidemenu of KMS Tenant UI
- Fixed an issue with the activation/deactivation of a KEK in KMS Tenant UI.
MTG KMS-SERVER
- A database lock was used, which unfortunately is not supported by Galera. This can lead to a deadlock, which is resolved after 90 seconds. The database lock was removed and resolved using optimistic locking.
- According to the Kmip Spec, the attribute name must be unique per domain (tenant). This can lead to multiple entries with the same name. A unique constraint was missing in the database, which is now set for all databases using the name and the TenantId.
- Rekey and Rekey-KeyPair are now working with the name as specified in Kmip Specification. If there is a name on the original key, then this name is moved to the new recreated key.
- An exception is thrown if trying to set an empty name or alternative name

Attention: See installation instructions regarding migration of the unique constraint!

List of all MTG Java Application Projects see [MTG_ERS_JAVA].

Supported Operating Systems [OS].

Support of OpenSSL versions, see [OpenSSL_compatibility].

Supported Operating Systems [OS_PKCS11].

When browsing from within desktop or table, the sidemenu remains open after navigation item is selected.
New column was added for the state of the cryptographic objects table in KMS Crypto UI.
Enabled the filtering for Destroyed cryptographic objects in KMS Crypto UI.

Before migration, the system checks whether there are duplicate names for a tenant and if so, aborts with a Flyway error message. Therefore, it is essential to check in advance that there are no duplicate names per tenant!